RANSOMWARE DOES NOT HAVE TO SUCCEED.

September 13, 2016

Unlike many other attacks and malware types, the goal of ransomware is as well known as the method: Critical data is encrypted until the victim pays for the key.

For some industries, the question isn’t whether organisations will be hit, but when. After that, the questions tend toward the practical: How can companies avoid becoming a victim, and how should they respond when their best efforts are ineffective?

Three keys to your protection

There are three vital keys to avoid losing money, your business, or your job over ransomware. All three involve preparation long before the attack begins.

1. BACKUP

The first key to look at is backup:

Solid, defensive backup

Defence against advanced persistent attacks

Authentication—keeping unauthorised people out of your network can be the key to avoiding seeing your name in the paper next to the word “victim”

A surprising number of ransomware reports include news that the victim organisation didn’t have a working backup of their data. So, to review: Back up according to an established protocol (something like 3-2-1 is a good start if you don’t have a plan), and regularly test to make sure that you can actually recover data from your backup.

2. GO FARTHER THAN THE PERIMETER

An intruder might camp in your network for weeks or months before he or she springs the trap. You must have intrusion prevention or similar security systems in operation so that you can recognise unusual or unauthorised traffic from within your network—not just attacks from the outside.

3. LOCK IT DOWN

Windows 10 provides a vast array of identification, authentication, and authorisation features. Current-generation laptop and desktop workstations have the hardware components built in to take advantage of those features.

A thorough review of security measures to protect against ransomware must include a close look at workstations to see whether they provide the facilities necessary to protect the total network from attack.

Ransomware is a large and growing problem because it’s effective and profitable. The perpetrators are good at what they do, but you can be better by making sure that you have an uninfected backup at a secure location, you are doing everything possible to keep the attackers out of your workstations and your network, and you have systems in place to recognise intrusion when your defensive efforts fail. Take these three major steps, and the odds are in your favour for avoiding being labelled “victim” in news reports.